Shulou(Shulou.com)06/01 Report--

This article mainly explains "what are the interview questions for Node.js". Friends who are interested might as well take a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn what are the interview questions of Node.js.

problem

What is an error-first callback function?

How to avoid callback to hell?

What is Promise?

What tools do you use to ensure a consistent code style? Why are you doing this?

What is Stub? Give examples to illustrate

What is the Test Pyramid? Give examples to illustrate

Which HTTP framework do you like best? Why?

How does Cookies prevent XSS attacks?

How to ensure the security of dependencies?

Answer 1. What is an error-first callback function?

The error-first callback function (Error-First Callback) is used to return both errors and data. The first parameter returns an error and verifies that it is wrong; the other parameters are used to return data.

Fs.readFile (filePath, function (err, data) {if (err) {/ / handling error return console.log (err);} console.log (data);}); 2. How to avoid callback to hell?

Callbacks to hell can be avoided in the following ways:

Modularization: converting callback functions to independent functions

Use a process control library, such as aync

Use Promise

Use aync/await (see 6 reasons for Async/Await instead of Promise)

3. What is Promise?

Promise can help us handle asynchronous operations better. In the following example, the result string is printed after 100ms. Catch is used for error handling. Multiple Promise can be linked together.

New Promise ((resolve, reject) = > {setTimeout (() = > {resolve ('result');}, 100)}) .then (console.log) .catch (console.error); 4. What tools do you use to ensure a consistent code style? Why are you doing this?

When working as a team, it is important to ensure a consistent code style so that team members can modify the code more quickly without having to adapt to the new style every time. These tools can help us:

ESLint

Standard

If you are interested, you can refer to JavaScript Clean Coding

5. What is Stub? Give examples to illustrate

Stub is used to simulate the behavior of the module. When testing, Stub can return the results of the simulation for function calls. For example, when we write a document, we don't really need to write it.

Var fs = require ('fs'); var writeFileStub = sinon.stub (fs,' writeFile', function (path, data, cb) {return cb (null);}); expect (writeFileStub) .to.be.birthday; writeFileStub.restore (); 6. What is the Test Pyramid? Give examples to illustrate

The test pyramid reflects the proportion of unit tests, integration tests, and end-to-end tests to be written:

When testing the HTTP interface, it should look like this:

Many unit tests, testing each module separately (dependency requires stub)

Less integration testing, testing the interaction between modules (dependencies cannot stub)

A small number of end-to-end tests to invoke the real interface (dependency cannot stub)

7. Which HTTP framework do you like best? Why?

The standard answer to this question. The advantages and disadvantages of the framework need to be described to reflect the developer's familiarity with the framework.

8. How does Cookies prevent XSS attacks?

XSS (Cross-Site Scripting, cross-site scripting attack) means that an attacker inserts a JavaScript script into the returned HTML. To mitigate these attacks, you need to configure set-cookie in the HTTP header:

HttpOnly-this property prevents cross-site scripting because it prevents Javascript scripts from accessing cookie.

Secure-this property tells the browser to send cookie only if the request is HTTPS.

The result should look like this: Set-Cookie: sid=; HttpOnly. With Express, cookie-session is configured by default.

9. How to ensure the security of dependencies?

When writing Node.js applications, you are likely to rely on hundreds of modules. For example, if you use Express, you will directly rely on 27 modules. Therefore, it is not realistic to check all dependencies manually. The only way is to automate security checks on dependencies, with these tools to choose from:

Npm outdated

Trace by RisingStack

NSP

GreenKeeper

Snyk

Additional question 1. What's wrong with this code? New Promise ((resolve, reject) = > {throw new Error ('error')}) .then (console.log)

There is no catch after then. In this way, the mistake will be ignored. The problem can be solved like this:

New Promise ((resolve, reject) = > {throw new Error ('error')}) .then (console.log) .catch (console.error)

When debugging a large project, you can use the monitor unhandledRejection event to catch all unhandled Promise errors:

Process.on ('unhandledRejection', (err) = > {console.log (err)})

two。 What's wrong with this code?

Function checkApiKey (apiKeyFromDb, apiKeyReceived) {if (apiKeyFromDb = apiKeyReceived) {return true} return false}

When comparing passwords, no information can be disclosed, so the comparison must be done at a fixed time. Otherwise, you can use timing attacks to attack your application. Why is that? Node.js uses the V8 engine, which optimizes code from a performance perspective. It compares the letters of the string one by one, and stops the comparison once a mismatch is found. When the attacker's password is more accurate, the longer the comparison time. Therefore, the attacker can judge the correctness of the password by comparing the length of time. Using cryptiles can solve this problem:

Function checkApiKey (apiKeyFromDb, apiKeyReceived) {return cryptiles.fixedTimeComparison (apiKeyFromDb, apiKeyReceived)} 3. What is the output of this code? Promise.resolve (1) .then (x) = > x + 1) .then (x) = > {throw new Error ('My Error')}) .catch (() = > 1) .then ((x) = > x + 1) .then ((x) = > console.log (x)) .catch (console.error)

The answer is 2, explained line by line as follows:

Create a new Promise with a value of 1.

X is 1, plus 1 returns 2.

X is 2, but it is not used. Throw a mistake.

The error was caught, but not handled. Return 1.

X is 1, plus 1 returns 2.

X is 2, print 2.

Will not be executed because there are no errors thrown.

At this point, I believe you have a deeper understanding of "what are the interview questions of Node.js?" you might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.